SOAR Use Case: Data Loss Prevention (DLP) Alert Triage
One of the many use cases that Devo SOAR customers have implemented and benefited from is automating the monitoring of users who write files to external USB drives.
Monitoring user behavior within the network has grown in importance over recent years, and this need only adds to the growing list of tasks and challenges for the SOC.
Devo SOAR provides automated analysis of logs related to external file copies and can automate the escalation of alerts for suspicious activity. The intelligent automation goes beyond orchestration and data enrichment to automatically perform baseline analysis on normal behavior, in this case for copying files to external drives. The same baseline function can be easily applied to any other data source for more accurate and effective alert triage and prioritization.
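To make the baseline step concrete, the following is an added illustration of the idea described above; it is not Devo SOAR code and assumes nothing about the product's internals. It takes a constructed stream of USB file-copy events (user, day, bytes written), builds a per-user baseline of daily copy volume using the median and median absolute deviation (a robust alternative to mean and standard deviation that is not skewed by a single large day), then scores a new day against that baseline. A day far above the user's normal volume is escalated, an ordinary day is suppressed, and a user with no history is routed for review rather than silently scored. The thresholds, field names and sample data are assumptions for this example.

```python
"""Per-user baseline triage for external-drive file copies.

Added example, not Devo SOAR code. Events, thresholds and field names are
constructed for illustration; the same baseline-and-score pattern applies to
any per-entity daily count or volume.
"""
from collections import defaultdict
from datetime import date
from statistics import median
from typing import Dict, Iterable, NamedTuple, Tuple


class CopyEvent(NamedTuple):
    day: date
    user: str
    bytes_written: int


MB = 1_000_000

# Constructed sample events (not real logs). Seven days of history:
# alice writes a slowly rising 11..17 MB per day, bob a flat 5 MB per day.
# On the day under triage, bob writes 900 MB across two copies and carol,
# who has no history, appears for the first time.
HISTORY_DAYS = [date(2024, 1, d) for d in range(1, 8)]
TODAY = date(2024, 1, 8)
SAMPLE_EVENTS = (
    [CopyEvent(d, "alice", (10 + d.day) * MB) for d in HISTORY_DAYS]
    + [CopyEvent(d, "bob", 5 * MB) for d in HISTORY_DAYS]
    + [
        CopyEvent(TODAY, "alice", 12 * MB),
        CopyEvent(TODAY, "bob", 600 * MB),
        CopyEvent(TODAY, "bob", 300 * MB),
        CopyEvent(TODAY, "carol", 2 * MB),
    ]
)


def daily_totals(events: Iterable[CopyEvent]) -> Dict[str, Dict[date, int]]:
    """Sum bytes written per (user, day); several copies on one day aggregate."""
    totals: Dict[str, Dict[date, int]] = defaultdict(lambda: defaultdict(int))
    for e in events:
        totals[e.user][e.day] += e.bytes_written
    return totals


def build_baseline(events: Iterable[CopyEvent], before: date,
                   min_days: int = 5) -> Dict[str, Tuple[float, float]]:
    """Per-user (median, MAD) of daily volume using only days strictly before `before`.

    Users with fewer than `min_days` of history get no baseline, so a brand-new
    account cannot define its own 'normal' from one or two days of activity.
    """
    baselines = {}
    for user, days in daily_totals(e for e in events if e.day < before).items():
        values = list(days.values())
        if len(values) < min_days:
            continue
        med = median(values)
        mad = median(abs(v - med) for v in values)
        baselines[user] = (med, mad)
    return baselines


def score_day(events: Iterable[CopyEvent], day: date,
              baselines: Dict[str, Tuple[float, float]],
              z_threshold: float = 4.0,
              min_bytes: int = 50 * MB) -> Dict[str, dict]:
    """Score each user's volume on `day` against their baseline.

    Verdicts: 'escalate' (far above normal and above an absolute floor, so a
    tiny but 'unusual' copy does not page anyone), 'suppress', or 'review'
    when the user has no baseline at all.
    """
    results = {}
    for user, days in daily_totals(e for e in events if e.day == day).items():
        total = days[day]
        if user not in baselines:
            results[user] = {"bytes": total, "score": None, "verdict": "review"}
            continue
        med, mad = baselines[user]
        # 1.4826 * MAD approximates one standard deviation for normal data.
        # A flat history gives MAD == 0, so floor the scale to avoid dividing
        # by zero and to keep a small wobble from scoring as an outlier.
        scale = max(1.4826 * mad, 0.1 * med, 1.0)
        z = (total - med) / scale
        verdict = "escalate" if z > z_threshold and total >= min_bytes else "suppress"
        results[user] = {"bytes": total, "score": round(z, 2), "verdict": verdict}
    return results


def triage_sample() -> Dict[str, dict]:
    """Run the baseline and scoring over the constructed sample for TODAY."""
    baselines = build_baseline(SAMPLE_EVENTS, before=TODAY)
    return score_day(SAMPLE_EVENTS, TODAY, baselines)


if __name__ == "__main__":
    for user, r in sorted(triage_sample().items()):
        print(f"{user:6} {r['bytes'] // MB:>5} MB  score={r['score']}  -> {r['verdict']}")
```

The same two functions can be pointed at any per-entity daily measure (logins per host, records exported per service account) simply by changing what `bytes_written` holds; the robust baseline and the absolute floor are what keep the triage from either over-paging on noisy users or under-reacting to a quiet account that suddenly exports a large volume.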